HDCP Master Key Is Legitimate; Blu-ray Is Cracked

adeelarshad82 writes "Intel has confirmed that the leaked HDCP master key protecting millions of Blu-ray discs and devices that was posted to the Web this week is legitimate. The disclosure means, in effect, that all Blu-ray discs can now be unlocked and copied. HDCP (High Definition Content Protection), which was created by Intel and is administered by Digital Content Protection LLP, is the content encryption scheme that protects data, typically movies, as they pass across a DVI or an HDMI cable. According to an Intel official, the most likely scenario for a hacker would be to create a computer chip with the master key embedded it, that could be used to decode Blu-ray discs."

Re:TFS is confusing

[farnsworth]

I believe it allows someone to pop a blu-ray disk into a ps3 (or any other standard player) and dump the output to a digital-perfect file. This was not possible previously. It's not something I would do, or could do with my time constraints, but I would expect many more huge torrents to emerge because of this.

Re:challenge

[tdelaney]

Or maybe implement a "virtual display" driver that claims to support HDCP ...

Re:challenge

[Anonymous Coward]

Or build a PC with a DVI/HDMI input. If all you want to do is strip the encryption a cheap PC
could do that then output the unencrypted data.

Maybe we'll also finally get HDDVD/BluRay support in Linux now.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:G'huh?

[pcx]

Ripping a blu-ray is a hellacious experience. Once you rip the disk to the hard drive you may have totally unprotected data but figuring out how to package that data can be a real challenge. A dvd can barely hold a movie, a blu ray can hold a movie and features that are as long or more-so than the original movie, so you just can't pick the file with the longest play-time. Getting sub-titles and chapters involves using several ( let me stress several here ) user-un-friendly programs in a long-tedious and very error-prone workflow. And the studios haven't even begun to exploit java to further obscure how to piece together the myriad bits and pieces of 50gigs of data into a single movie file.

Now someone can build a little PCI card with an HDMI in jack, press play on your player software, press record on your computer and ~2 hours later you have a perfectly encoded movie file that can be a perfect copy of the original.

Unfortunately it will take an act of a luddite congress to make accessing your video collection as painless, effortless and legal as accessing your music collection.

Re:not protects

[Anonymous Coward]

Ever had a lot of "shiny discs" that aren't so shiny after your wife and/or small kids get their hands on them? I don't want to keep repurchasing the same stuff over and over. If I can put it on DVD-Rs or my HDD attached to a video player, the original discs can stay safely put away.

Yeah, there's people not paying for it in the first place, but it's not all of us. And on that note, have you never felt ripped off by paying for a crappy movie after seeing a trailer that (IMHO) fraudulently led you to believe it would be good? The "thieving" goes both ways.

Use how you want to

[microbox]

There is not a chance in hell that I'd buy a blu-ray unless I could store and back-up the contents on a regular media server. I hate all those little plastic boxes, and I also hate the anti-piracy messages and studio branding.

Net result: I've found better things to do with my time.

Re:Hear that MPAA?

[sangreal66]

Blu-ray movies have a coating that offers incredible protection from wear and tear. Pirates need to come up with a new excuse

Re:Summary left out one important detail

[bm_luethke]

I've purchased a few geek/nerd shirts over the years and most are just to pass away the time - there have really only been two I truly liked (I have a few that were given to me that mean more to me).

The second place slot was an OpenSSH shirt that the front said something along the lines of "SSH, it is a secret" and the back had a blowfish with rsh, ftp, and telnet gravestones and freshly dug gravestones. It was something that other people that knew about OpenSSH got immediately and something that generated questions in other people. Having been asked enough I had an answer that most people didn't have their eyes glaze over, though few were interested in it.

My favorite was the DeCSS shirt with the the CSS logo and the red circle with a slash and the source on the back. It garnered an *enormous* number of questions and was an easy sound bite whilst standing in line to the cashier in the grocery store. By that time most had DvD's and most could understand the issues - indeed it was a time when most could go back and try what I said and then look it up and be angry. I regularly shopped the same places (being in college at the time limited my shopping to mostly k-mart and wal-mart) so they tended to remember me by my shirt and make comments on what they had discovered. Unlike the OpenSSH it was something they could understand *and* be irritated at when pointed out.

IMO that was a perfect shirt at the perfect time for a politically active geek in the US (be they Republican, Democrat, or Something Else). It was something we could all get behind, was fairly easy for non-geeks to understand, and there was *clearly* a civil rights violation going on (though it each "side" blamed the other). Not to mention the whole amusement factor of the shirt being illegal to wear. Sadly a great deal of those issues are still being fought today but in a way that a simple shirt can't express.

Am I missing something?

[falken0905]

The fine folks at Slysoft have had HD/BD ripping capability in their AnyDVD-HD product for quite some time. If the object is simply to be able to rip your Blu-Rays to hard drive, why is this key such a big deal? Or, do some users have other reasons that actually involve the data stream between the player/device and their display? Or, maybe I mis-understand the whole thing.

Re:Weve seen that argument before

[srothroc]

most people aren't pirates

Really? I would be very hard-pressed to name even one person that I personally know who has never downloaded a movie, a song, or a game that they did not buy.

Re:G'huh?

[Psyborgue]

You're implying a player has to play the movie back at full speed. Frame by frame capture at a reduced speed (or even on demand a-la frameserver [wikipedia.org]) works just fine. DVDs could be ripped that way before deCSS. All it would take is network or even bluetooth control of the player and a hdmi capture card. The only thing that has to be played back at full speed is the audio, and that can be done on a separate pass and re-muxed [wikipedia.org] when the video is finished encoding.

Chinese Player

[aepervius]

Chinese player will care, and will be able to CHURN out *CHEAP* Blue ray player and undercu5t the big boy which paid their license. Some country might restrict the import, but you know as well as me that they will fight a losing battle as people will find way to buy those in neighbor lands and import them illegally.

So. Yeah. Putting the code in a chip is what is the immediate danger for the big player, not the oft cited "copyer" which bit torrent stuff.

Re:This is the universal hack.

[Impeesa]

All digital content ultimately ends up as an HDMI stream protected by HDCP.

With HDCP compromised that stream can eventually be captured. All that needs to happens is for a company to make a NON-HDCP compliant capture card which just happens to be easily flashable. Think they might end up selling a lot of those? Think some companies in asia would be willing to make that "mistake".

Kind of funny, when you think about it. Used to be that the shady Chinese knockoffs were the less useful hardware, because they wouldn't go to the extra effort to make them work right. Now, it's easy to conceive a scenario in which the cheap stuff is the most functional, because they won't go to the extra effort to properly break them.

Re:Weve seen that argument before

[ubermiester]

You buy it - you own it. That's how it used to be

not true. you bought the medium, (record, printed paper), but even back in the "good ol days", you did not purchase the right to the actual content. And today almost all of our information is encoded digitally and much of it is transmitted across the internet, so there is no longer any natural limit on infringement.

I agree with you concerning the effect copy prevention has on the "average consumer", and i tend to shop for more open formats. But people will always choose free over not free. And "retailers" like the Pirate Bay don't charge for the service (they make their money from ads) so they facilitate people's instinct to get something for nothing, and make millions doing it. All the while saying that they are defending free speech or whatever. They just make it easy to walk right past the producer of the content and take their shit without paying. And that seems really, really cool. Until you think about it a little.

Why confirm?

[Loconut1389]

What I don't understand, and maybe this has been answered already, is why did intel even confirm this? What did they stand to gain? People will confirm this on their own, confirmation by intel only speeds things along to HDCP++ or something doesn't it?

Side Effect

[tabdelgawad]

Perhaps they can now stop worrying about plugging the analog hole.

Re:not protects

[Facegarden]

That's funny coz the "pirates" in my country don't need this key to copy stuff.

They just copy the entire disks as is, and any player that can play the original can play the copy.

It's like making a photocopy of a book in a language you don't understand. It doesn't matter if you can't understand it, all that matters is the end-user (player) can.

That's probably not what's happening. Blu Ray disks won't even let you read them unless you have the key. Only "Legitimate" players (software, or hardware) are allowed access to those keys.

Most Blu Ray copies exist because an indivdual key for that particular disk was sniffed. Then "Illigitimate" software can load the key to make a copy. But you can't even access the data without some kind of key. Your pirates probably DO rely on "Illigitimate" software that uses sniffed keys.

This new leak is the *Master* key with which they made all those individual keys that the disks are protected with.

Which means we can now generate good keys on the fly. Which, I'm led to believe, lets us copy any Blu Ray disk without first having to sniff the key. Though that last part I'm still not sure about. But thats what it seems like.
-Taylor

Re:Weve seen that argument before

[xtracto]

I think that in a world without Copyright (and the like) the only think we would not have is the crap copyrightable stuff (e.g., Britney Spears, Eminem, etc...) mainly because such media is only famous due to its heavy marketing and not its quality.

For example (borrowing from your analogy) how many really bad recipes do you know that are famous? I know none (except the ones for food I don't like) and I have lived in 3 countries, traveled to more than 12 and I like gastronomy.

The interesting thing is, I am sure in 200 years people we look back at our time and will see efforts like PirateBay, RlsLog, Gigapedia, the Scene, etc as the "good guys" who made a very strong effort to share our culture. In the same way we see Kings,Queens and Fathers of ancient empires who either wanted to have control of information or encouraged its dissemination.

Re:not protects

[zmollusc]

Erm, a blueray disk's data is just a sequence of bits, I believe. Surely some clever clogs can build a machine to look at the data track(s)? How can the disk 'not let you read it' ?

Re:Weve seen that argument before

[spazzmo]

This quotes sums up the morals of the entertainment "industry": If Coca-Cola accidentally created 100 million cans of faulty Coke, you know for sure the entire 100 million cans would be dropped in the Atlantic or Pacific Ocean, without a second thought and irrespective of what that did to the year's profits. What do we do with a crappy movie? We double its advertising budget and hope for a big opening weekend. What have we done for the audience as they walk out of the cinema? We've alienated them. We've sold audiences a piece of junk; we just took twelve dollars away from a couple and we think we've done ourselves no long-term damage. — David Puttnam, movie producer; GQ magazine, April 1987

Re:Weve seen that argument before

[KlaymenDK]

I would be very hard-pressed to name even one person that I personally know who has never done anything criminal. It is arguably part of growing up.

Personally, I have never shoplifted or stolen a bike, but I'm absolutely positive that I have, during the years, done a number of things that weren't exactly legal. Now, however, I am (in the view of my friends) almost painfully legit. I can say that I do not own a single piece of software, prose, film, or music that I did not obtain legally. That means free software, public domain e-books and store-bought paperbacks, tv-recorded shows or store-bought dvd's, and store-bought cd's (I like to have the covers, even if I rip them to flac first thing).

I would think that the majority of the media of the majority of the population is legal. Further, I concede that I also expect the majority of the population to possess a minor amount of illegally obtained media.

Therefore, I believe your statement that "most people [are] pirates" is false, and that it is fair to circumvent arrangements that clearly punish the wrong people (a perfect example being the (otherwise) unskippable "do not copy this dvd" message).

Re:TFS is confusing

[amb5l]

Coincidentally I was asked yesterday whether it would be possible to distribute video from a satellite STB via a wired home network. I read up on MythTV and various other solutions to streaming video, then realised the STB has an HDMI output. Ouch, I thought, that's the end of that - for protected HD streams anyway.

But today things have changed: it's now possible (in principle) to build a HDMI video capture card, or an HDCP stripper out of an FPGA.

Most of the discussion here assumes people with use the key for ripping/piracy but I think opening up media streaming to HDMI sources is the most important breakthrough. Although HDCP strippers do alread exist (e.g. HDfury) they must rely on black market parts (buying HDMI silicon requires signatures on legal agreements). I am going to tell my friend that my answer to his question just changed from "no" to "sometime soon". (Assuming I can come up with a real time encoding solution, which will probably not be trivial...)

I never could see why the content protection agenda needed to include restrictions on how you wire up your video sources and displays, and am glad that part of it has been defeated.

Re:not protects

[m50d]

Writing firmware for the drives (or rather, dumping the existing firmware and tweaking it slightly) has been one of the standard techniques in bluray ripping for at least a year now.

Re:This is the universal hack.

[TheGratefulNet]

google the 'rigol scope hack'. a chinese oscilloscope that can be firmware hacked (with linux/usb serial driver and a usb cable - that's all!) to run at 2x its speed. instead of a 50mhz scope, you get a 100mhz one.

many people believe the chinese company, itself, disclosed that hack in order to sell more of its scopes. it never 'fixed' the bug and its still do-able (I have one, of course).

lets hope that some chinese vendor leave some menu in their product and that that unit becomes a nice 'embedded break-it board' for the world.